Hey everyone. Good luck in the final exam today.
Just a reminder that the password for the binaries will be released on this page https://plsdonthaq.me/info when the exam starts. Exam instructions are also on that page.
Hello again! I've uploaded the binaries to the skeleton site ( https://plsdonthaq.me ) on the info page. The binaries are encrypted and the password to decrypt them will be released on the exam date.
Please download these ahead of time to avoid any internet issues on the day.
Please don't try to attack course infrastructure before or during the exam (including enumerating challenge ports, bruteforcing challenges, DoS attacks), or attempting to bruteforce the password to decrypt the binaries. It's no fun if you do...
Hello all. Hope studies & exam period is going well.
The final exam will be at 1 pm on Wednesday. The exam will be on http://plsdonthaq.me/ . Currently this website just has a skeleton exam, hopefully you have time to read the information here to understand the format of the exam.
I will release the binaries (encrypted with gpg) a day before the exam, and on the day of the exam, the password to decrypt these challenges will be released. The source auditing and reversing challenges will be made available on the website during the exam.
If you notice anything wrong with this announcement or the exam skeleton, please let me know asap!
As always if you have any questions about content feel free to ping me on slack for a chat.
I've uploaded last year's final exam, and some practice challenges as prep for the final exam. They can be found at http://auth-prod.io/practice.zip . Enjoy :)
Hi All. It took longer than expected to get all the assignments marked due to a really bad case of the flu (marks available to person who submitted). Since the assignment is due in a few days, and a lot of you got feedback, I think it's only fair to extend the due date to give you time to take some of these comments into mind.
Assignment due date will be extended to Tuesday 11th, at 6pm. Please email us if there are any issues.
Hi everyone,
We are getting to the end of term, which is probably a stressful time for everyone, so hope you are all staying safe.
To help everyone plan ahead, here are the final exam details:
The same details are here, and we'll keep the page updated as we finalise more of the exam format.
If you have any general questions, please post in the Slack channel or the webcms3 forum. If you have any personal concerns about the exam, please email cs6447@cse.unsw.edu.au .
Hey again. Tomorrow we will be having a revision lecture over the past 8 weeks of content.
I think the best way to conduct the lecture/revision class will be for people to post or upvote questions here. Please try to post questions related to any topic in this course that you'd like me to go over tomorrow.
I'll also prepare some small slides on each week's content, but hopefully the majority of tomorrow will be answering people's questions.
See you soon
Hi all. Congrats on submitting the first part of the fuzzer. There's been some feedback to the submission/testing guidelines, and so we've made some changes.
Importantly, for the final submission, you will be able to submit an install script called `install.sh`, which will be run before your fuzzer, and let you set up the environment by installing any libraries/tools you may need. More details on the assignment page.
Also the assignment binaries have been updated again, to fix some bugs. Please re-download them from here:
https://webcms3.cse.unsw.edu.au/COMP6447/20T2/resources/46223
Hi All. It's just come to my attention that the 2 CSV challenges had unintended bugs in them (which would make it harder for you to test your fuzzer). I've reuploaded all the challenges with this in mind. These reuploaded challenges are the ones you'll be marked against. You can download them here - https://cloudstor.aarnet.edu.au/plus/s/UFgbluP1AHPbV9Z .
For the interested people, the issue was if you entered a single " into any of the csv challenges, the parser would segfault. This probably wouldn't be an exploitable bug.
Congratulations to nearly everyone for finishing the mid-term exam! It was quite a difficult exam, and you should be proud of yourself for getting through it.
If you're interested, Adam's sample solutions are here.
There will be no lecture this week due to flexibility week, but Ben and Colin will be running two revision labs for you. They will likely be going over the mid-term exam and harder wargames from previous weeks, but it will mainly be driven by questions from the students on the call.
You can access the Zoom call by going here, they'll be using the links they normally use for that lab slot.
Ben's revision lab will be at Thursday 1pm - 3pm.
Colin's revision lab will be at Thursday 5pm - 7pm.
If you can't make either time slot:
Hey everyone, Congrats everyone on completing the midterm exam.
This exam was challenging, and you should all feel pretty good after completing it regardless of how you went. The exam had 3 challenges, and we've seen there have been a lot of students that got really close to solving one challenge, but missed out on one or two simple steps. If you think you fall into this case where you got really close to solving one challenge, please complete this form by Tuesday week 6 and we will take a second look at applying a partial mark.
Form: https://forms.gle/P1zN2ydDD1H7LGL86
Also reminder the assignment has now been released at https://webcms3.cse.unsw.edu.au/COMP6447/20T2/resources/46223 . The challenges have been uploaded to this page, please register your groups once you know who will be in your group
Hello, hopefully you all know the midsem exam starts tonight.
The exam will be run on moodle, if you have issues logging in to moodle, now is the time to let us know!
If you have any questions please email us!
Hi everyone!
Wargame 4 is now live on the server, with ASLR turned on. We've re-uploaded the binaries, so please re-download them if you downloaded them before 8:30pm on Jun 23.
Other administrivia:
If you have any questions, please don't hesitate to reach out :)
All the best with your preparations for the mid-term. Happy hacking!
Hi all, hope the wargames are going well so far.
Just wanted to send out a quick note to remind some students what our policy is on attempting to take down course infrastructure. Most of you are doing a good job at being a fair player in this course, and using the infrastructure we have set up for the wargames to learn, and practice on.
There are a few people however that think it is funny to ruin the fun for the rest of us. When you solve a challenge, you are running commands on a server you do not own, this server is shared between the rest of the students in the course. Running commands to try to crash the server such as (but not limited to) shutting down[1], fork bombing[2] or trying to remove the flag/challenge[3] is strictly against the good faith policy. Doing anything that will result in other students not being able to learn/attempt the challenges will result in you being banned from connecting to the wargame servers (and an email from us asking you to explain why we should let you complete the course).
Thanks!!
Example logs we have.
[1] [2020-06-10 16:28:08]: <trace> [1720d24c-6338-46b0-89fe-08f412e1fa22] 203.xxx.xxx.xx: shutdown now
[2] [2020-06-10 16:39:09]: <trace> [a3b0b6f3-beac-44b7-9e0d-255a3c42ac6b] 203.xxx.xxx.xx: :(){ :|: & };:
[3] [2020-06-10 10:57:55]: <trace> [888cc636-480c-422e-ba2b-3c2a8fa0cf4c] 110.xxx.xxx.xx: rm flag
Hi everyone!
Just a reminder that Wargame 1 is due tomorrow (Tuesday) before the start of the lecture.
Adam is going to be teaching reverse engineering and buffer overflows in tomorrow's lecture, and they will be the focus of this week's lab and wargame (both already released).
Thank you all for your patience as we get into the swing of online learning, and I hope you are all enjoying the course so far. If you have any queries or concerns please don't hesitate to reach out via email (cs6447@cse.unsw.edu.au).
This course has a lot of self learning involved. This is always difficult, especially if you've never done such a hands-on course before. We recommend joining the course discussion which can be found at https://seceduau.slack.com , in the #comp6447 channel, a lot of informal course discussion will occur here, and it is the perfect place to look for help from both course staff as well as other students when you are stuck.
Thanks and hope you enjoy the course!
Hi everyone!
Welcome to Week 1 of COMP6447!
Our first lecture is tomorrow (Tuesday) at 6pm, and the details for that can be found in the Lectures page. Zoom works best if you have the native app installed, so we recommend that you set it up before tomorrow's lecture. We'll be going through an overview of the course, and Brendan Hopper will be covering the history of hacking, and an introduction to thinking about how computers work.
The lab for Week 1 is already up if you're super keen to get started on the course. And the wargames for Week 1 will be released by the end of the lecture tomorrow. Don't worry if everything looks daunting at the moment, your friendly tutors will be walking you through examples during your lab. You should expect to see an email from your tutor soon with details on how to join the online lab this week, so keep an eye out for that!
In the meantime, there are 4 polls under Activities. Please fill them out, as they will help us gauge everyone's current situation.
If you have any questions, please post them in the Forums.
See you all tomorrow at 6pm!
Hi everyone,
The COMP6447 teaching staff are all very excited for this course! The course outline is out now for your perusal. If you have any questions, please post them in the forum.
To help you prepare for this course, we've come up with a list of prerequisite knowledge that will help you with this course:
If you are unfamiliar with any of these topics, please review them before the start of Week 1 -- COMP1521 and Operating Systems course notes are good places to find the relevant information.
We also recommend that you have access to a Linux box - a VM is fine. On that box, you'll need pwndbg, pwntools, and binary ninja. Lab 1 will be getting everyone set up, so don't panic if you're unsure about some of these things!
Enjoy the rest of your holidays, and see you all online for our first lecture next Tuesday at 6pm!